These vulnerabilities allow an attacker to use a non-admin account to gain the admin password (CVE-2013-4975), use hard-coded credentials to log into the system (CVE-2013-4976), and execute arbitrary code by exploiting a buffer overflow (CVE-2013-4977).
Hikvision IP camera DS-2CD7153-E
Elevation of Privilege, Remote Code Execution, Security Bypass
Elevation of Privilege via Information Disclosure (CVE-2013-4975)
Exploitation of this vulnerability will grant an attacker access to sensitive information, such as plaintext usernames, passwords, etc. These can be used by the remote attacker to elevate their privileges to one of the revealed user accounts.
Security Bypass via Hardcoded Credential (CVE-2013-4976)
This vulnerability allows an attacker to bypass certain security restrictions on the system, allowing the attacker to gain unauthorized access to the system.
Remote Code Execution (CVE-2013-4977)
Exploitation of this vulnerability is possible by forming a malicious request and sending it to the affected server. Remote attackers who successfully exploit this vulnerability will be able to execute arbitrary code on the vulnerable system.
BeyondTrust Prevention and Detection:
- Do not make the camera publicly accessible, unless required.
- Filter HTTP requests to /PSIA/System/ConfigurationData.
- Filter the Range parameter in RTSP requests.